🛡️ WaiFai Security Policy

At WaiFai, we care deeply about the privacy, safety, and security of our community. We welcome and appreciate reports from security researchers who help us keep our platform safe and trustworthy.

🔍 Reporting a Vulnerability

If you believe you've discovered a security issue, please report it to us privately and responsibly.

Email: admin@waifai.co
PGP Key: Download here
Preferred Languages: English

We ask that you:

• Provide clear steps to reproduce the issue
• Avoid accessing or modifying user data without consent
• Allow us reasonable time to investigate and resolve the issue before any public disclosure

🤝 Our Commitment

If you report a valid vulnerability:

• We will acknowledge your report within 3 business days
• We aim to resolve critical issues within 10 working days
• We’ll keep you updated throughout the process
• With your permission, we may publicly acknowledge your contribution on our Hall of Thanks page

📜 Out of Scope

We focus on real security vulnerabilities. The following are generally out of scope:

• Clickjacking on pages without sensitive actions
• SPF/DMARC/DKIM misconfigurations
• Missing security headers (unless exploitable)
• Rate limiting or brute-force attacks on non-sensitive endpoints
• Use of outdated libraries without a proven exploit

🙏 Thank You

We appreciate your help in making WaiFai a safer place for everyone. ❤️
Security is a community effort — thanks for being a part of it.